UpskirtHayley
New Member
(dell)
CSRSS @ c/i386
click start..search for csrss and comes out with 5 results:
- CSRSS from C/i386
- CSRSS from c/windows/system32
- csrss and numbers end with hdmp from c/windows/PCHEALTH/ErrorRep/userdumps
- csrss and numbers end with mdmp from c/windows/PCHEALTH/ErrorRep/userdumps
- csrss and numbers end with mdmp from c/windows/PCHEALTH/ErrorRep/userdumps
went to C/ and found a folder called i386 and size of 988mb... open up... full of files... notepads, exe's, picture icon ect...
heres some of the names on the files in the i386 folder:
- sendmail.dll
- WINLOGON
- WSSCRIPT
- DellSys.dll
- AGENTSVR (shows man in suit with black shades and hat as icon)
- (jpeg file) name desktop_screen_shot. as preview on left side show desktop and desert wallpaper and browser open and paintshop open.
Heres some refference for you to help me get rid of this nasty virus:
- http://www.techspot.com/startup/1632/
- http://www.processlibrary.com/directory/files/pchealth
and here is result when scanned with SDfix:
Trojan Files Found:
Could Not Remove C:\csrss.exe
Could Not Remove C:\WINDOWS\lsasss.exe
Could Not Remove C:\WINDOWS\system32\remote.exe
Could Not Remove C:\WINDOWS\system32\windowz.exe
Could Not Remove C:\WINDOWS\system32\winsys.exe
Could Not Remove C:\WINDOWS\system32\winxp.exe
///////////////////////////////////////////////////////////////////////////
scanned full-scan with:
- AVG anti virus
- AVG anti spyware
- TCspy
- SDfix
- SmitRem
- Smitfraudfix
- ccleaner registry cleaner
- ccleaner cleaner
- scanned individual single file with avg.... no detect
click start... search winsys.exe..... shows winsys folder from c/WINDOWS/SYSTEM32.... open up.... inside see folder called:
- avpr.exe
here is refference for you to help me get rid of it http://www.auditmypc.com/process/avpr.asp
also remmeber my SDfix log result?:
Trojan Files Found:
Could Not Remove C:\csrss.exe
Could Not Remove C:\WINDOWS\lsasss.exe
Could Not Remove C:\WINDOWS\system32\remote.exe
Could Not Remove C:\WINDOWS\system32\windowz.exe
Could Not Remove C:\WINDOWS\system32\winsys.exe
Could Not Remove C:\WINDOWS\system32\winxp.exe
......this link http://www.auditmypc.com/process/avpr.asp shows that the avpr.exe is related to lsass which is similar like lsasss.exe
also here is some of the file/folder names in the winsys folder:
- ccsrs.exe
- CSRSS.EXE
- CSRSRV.DLL
- ****.exe
- gothica.exe
- winxp.exe
- ANTSetup.exe
- dla.exe
- LUSRMGR.MSC
- CMD.EXE
dont some of these look suspicious?
but as i look at this http://www.andybrain.com/archive/mb/i386-folder.htm it says the i386 is part of windows operating system...... but..... I already delete the i386 folder located at c/: with File Shredder already..... so what now? have I made the greatest negative decision?
CSRSS @ c/i386
click start..search for csrss and comes out with 5 results:
- CSRSS from C/i386
- CSRSS from c/windows/system32
- csrss and numbers end with hdmp from c/windows/PCHEALTH/ErrorRep/userdumps
- csrss and numbers end with mdmp from c/windows/PCHEALTH/ErrorRep/userdumps
- csrss and numbers end with mdmp from c/windows/PCHEALTH/ErrorRep/userdumps
went to C/ and found a folder called i386 and size of 988mb... open up... full of files... notepads, exe's, picture icon ect...
heres some of the names on the files in the i386 folder:
- sendmail.dll
- WINLOGON
- WSSCRIPT
- DellSys.dll
- AGENTSVR (shows man in suit with black shades and hat as icon)
- (jpeg file) name desktop_screen_shot. as preview on left side show desktop and desert wallpaper and browser open and paintshop open.
Heres some refference for you to help me get rid of this nasty virus:
- http://www.techspot.com/startup/1632/
- http://www.processlibrary.com/directory/files/pchealth
and here is result when scanned with SDfix:
Trojan Files Found:
Could Not Remove C:\csrss.exe
Could Not Remove C:\WINDOWS\lsasss.exe
Could Not Remove C:\WINDOWS\system32\remote.exe
Could Not Remove C:\WINDOWS\system32\windowz.exe
Could Not Remove C:\WINDOWS\system32\winsys.exe
Could Not Remove C:\WINDOWS\system32\winxp.exe
///////////////////////////////////////////////////////////////////////////
scanned full-scan with:
- AVG anti virus
- AVG anti spyware
- TCspy
- SDfix
- SmitRem
- Smitfraudfix
- ccleaner registry cleaner
- ccleaner cleaner
- scanned individual single file with avg.... no detect
click start... search winsys.exe..... shows winsys folder from c/WINDOWS/SYSTEM32.... open up.... inside see folder called:
- avpr.exe
here is refference for you to help me get rid of it http://www.auditmypc.com/process/avpr.asp
also remmeber my SDfix log result?:
Trojan Files Found:
Could Not Remove C:\csrss.exe
Could Not Remove C:\WINDOWS\lsasss.exe
Could Not Remove C:\WINDOWS\system32\remote.exe
Could Not Remove C:\WINDOWS\system32\windowz.exe
Could Not Remove C:\WINDOWS\system32\winsys.exe
Could Not Remove C:\WINDOWS\system32\winxp.exe
......this link http://www.auditmypc.com/process/avpr.asp shows that the avpr.exe is related to lsass which is similar like lsasss.exe
also here is some of the file/folder names in the winsys folder:
- ccsrs.exe
- CSRSS.EXE
- CSRSRV.DLL
- ****.exe
- gothica.exe
- winxp.exe
- ANTSetup.exe
- dla.exe
- LUSRMGR.MSC
- CMD.EXE
dont some of these look suspicious?
but as i look at this http://www.andybrain.com/archive/mb/i386-folder.htm it says the i386 is part of windows operating system...... but..... I already delete the i386 folder located at c/: with File Shredder already..... so what now? have I made the greatest negative decision?
